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0 /* Copyright Aventail Corporation 1997-2000; All Rights Reserved */ 

1 /* sslenv.c is the SSL environment file; it defines functions used by 

2 the SSL module as callbacks for managing mutexes, memory, I/O, 

3 and user interaction, */ 
4 

5 #include "sslmain.h" 

6 #include "sslldap.h" 

7 #include "ldapcert.h" 

8 #include <aglobal.h> 

9 #include <bsafe,h> 
10 #include <pkcs.h> 

<due to the size of this file and the small portion of it which is relevant here, we include only the single function SSLEncodO 
970 int FAR EXPORT SSLEncode (SSPacket *ibuf, SSPacket *obuf , int flag, void *handle) 



972 SSSSLHandle *ref = handle; 

973 SSSSLFlowConnection *conn = & (ref->conn) ; 

974 SSLContext *ctx = ref->ctx; 

975 uint32 ilen; 

976 uint32 len = ibuf ? ibuf->len : 0; 

977 int ssloppy = 0; 
978 

979 #ifdef HYPER_DEBUG 

980 int i; 

981 #endif 

982 SSLErr err> 

983 uint32 wrtp = 0; 
984 

985 if (flag & S5_STATEDUMP) 

986 { 

987 SSLBuffer block; 

988 unsigned totalSize; 

989 PSSLStateDump dump - (PSSLStateDump) obuf->data; 
990 

"1 if (obuf->len < 4096) 

992 { 

"3 obuf->len = 4096; 

994 return ENCODE_BUFFER_TOO_SMALL ; 



} 

// get the SSL state 
// 

if ({err = SSLExportContext (ctx, &block) ) SSLNoErr) 

if (GlobalUpdate) 

GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

I DS_SSL_EX PORT CONTEXT FA I LED, err) ; 

return -1; 

) 

// compute the total size of the data 
// 

totalSize = block. length + sizeof (SSLStateDump) ; 

// validate the output buffer size 
// 

if (obuf->len < totalSize) 
{ 

obuf->len = totalSize; 
SSLFreeBuffer(&block, &ctx->sysCtx) ; 
return ENCODE_BUFFER TOO SMALL; 
} " 

// put the SSLStateDump structure at the beginning of the output buffer 

dump->SSLContext « ctx; 
dump->ContextSize = sizeof (SSLContext) ; 
dump->SSLState.data « (uint8 *)(dump+l); 



996 
997 
998 
999 
1000 
1001 
1002 
1003 
1004 
1005 
1006 
1007 
1008 
1009 
1010 
1011 
1012 
1013 
1014 
1015 
1016 
1017 
1018 
1019 
1020 
1021 
1022 
1023 
1024 



File: socksS / common / moaules / authentication / ssl / sslenv^c Page2of7 
Revision 1.136.2.1, by marcvh 

1025 dump->sSLState. length = block. length; 

1026 

1027 //. copy the SSL state to the output buffer 

1028 // 

1029 memcpy(dump->SSLState.data, block. data, block . length) ; 

1030 obuf->len « totalSize; 

1031 SSLFreeBuf fer (Sblock, &ctx->sysCtx) / 
1032 

1033 if (GlobalUpdate) 

1034 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1035 IDS_SSL_EXPORTEDCONTEXT, obuf->len) ; 
1036 

1037 return 0; 

1038 } 
1039 

1040 if (ref->endtime > 0) 

1041 if (timet (time_t *) NULL) >= ref->endtime) { 

1042 if (GlobalUpdate) 

1043 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1044 IDS_SSL_LIFETIMEEXCEEDED) ; 

1045 return -1; 

1046 ) 
1047 

1048 SSLGetWritePendingSizefctx, &wrtp) ; 

1049 #ifdef HYPERJ5EBUG 

1050 if (wrtp) 

1051 if (GlobalUpdate) 

1052 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5__LOG_VERBOSE, 

1053 IDS SSL BYTESPENDINGWRITE, wrtp) ; 

1054 #endif " ~ F 
1055 

1056 if (flag & S5_DATAGRAM) 

1057 if (ref->ssloppy) 

1058 { 

1059 ' if ( (rt = SSLSetSloppyMode(ctx, 1)) != SSLNoErr) 

1060 { 

1061 i f { Gl obalUpdat e ) 

1062 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_WARNING, 
1°*P IDS_SSL SSLOPPYMODEFAILED, rt) / 

1064 return -1; 

1065 } 

1066 ssloppy = 1; 

1067 } 

1068 else 

1069 { 

1070 /* UDP naked, baby! */ 

1071 #ifdef HYPER_DEBUG 

1072 if (GlobalUpdate) 

1073 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

VP* _ J>JB I D S_S S L_GOT DATAGRAM , flag, ibuf->len); 

1U75 #endif 

1076 

1077 #ifdef OPTIMIZE_UDP_NAKED 

1078 /* this is much cleaner and faster, but causes inconsistency in the 
1° 79 API from the caller. Sigh. */ 

1080 *obuf = *ibuf; 

1081 #else 

1082 #ifdef WIN32 

1083 obuf->data = HeapAlloc (GetProcessHeap ( ) , 0, ibuf->len) ; 

1084 #else 

1° 8 5 obuf->data - malloc (ibuf->len) ; 

1086 #endif 

1087 if (obuf->data == NULL) { 

1088 #ifdef HYPER_DEBUG 

1089 FPRINTF(stderr, _T ( "Returning error, buf data is null in 
obufdata\n n ) ) / 

1090 #endif 

1091 return SSLMemoryErr; 

1092 ) 

1093 memcpy(obuf->data, ibuf->data, ibuf->len) ; 
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1094 obuf->len « ibuf->len; 

1095 #endif 

1096 return ibuf->len; 

1097 } 
1098 

1099 
HOC 

1101 if (flag &. S5_ENCODE) ( 
1102 

#ifdef HYPER_DEBUG 

if (GlobalUpdate) 

GlobalUpdate (sslLogHandle, S5_LOG_MISC,S5_LOG_VERBOSE, 

IDS SSL ENCODINGBYTES , ibuf->len) ; 

UTOSOCKS 
for(i = 0/ i < ibuf->len; 

FPRINTF(stderr, _T("%02x ") , ibuf->data [i] ) ; 
FPRlNTF(stderr, _T("\n H )); 



1103 


#ifdef 


1104 




. 1105 
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#ifndef 
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1111 


#endif 


1112 


ftendif 


1113 




1114 


#define 


1115 




1116 


#ifdef ; 


1117 
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1123 


#endif 


1124 




1125 




1126 
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1128 






obuf-: 


1129 






+ 64 • 
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1159 




1160 




1161 




1162 





if(ibuf->len > SSL_MAX_ENCODE_SIZE) { 

conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

IDS_SSL_MAXENCODESIZEEXCEEDED, 
ibuf->len, SSL MAX ENCODE SIZE) ; 
ibuf->len « SSL_MAX ENCODE SIZE/ - - - 

) ~ 

if (obuf->data != NULL) { 

if(obuf->len < (int) (ibuf->len + SSL_HEADLEN + 64 + wrtp) ) { 

conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_DEBUG, 

IDS_SSL_BUFFERTOOSHORT, 



+ wrtp) ) j 



(ibuf->len + SSL HEADLEN 



} else 



obuf->len « (int) ibuf->len + SSL_HEADLEN + 64 + wrtp; 

if(ssloppy) SSLS'etSloppyMode{ctx, 0); 

return ENCODE_BUFFER TOO SMALL; 
} " " 

conn->writebuffer.data = obuf->data; 
conn->writebuffer.len = obuf->len; 
conn->writebuf fer.off = SSL_HEADLEN; 
Conn->writeflag = S S L_FLOW_WRI T E_NOMAKE B U F ; 

conn->writeflag = 0; 



ilen = (uint32) ibuf->len; 

if ((err = SSLWrite (ibuf->data, &ilen, ctx) ) ) { 

conn->modctx . log . update ( sslLogHandle , S5_LOG_MISC, S5_LOG_ERROR, 

IDS_SSL_WRITEERROR, err) ; 

if(ssloppy) SSLSetSloppyModetctx, 0) ; 
return -1; 

} 

if (conn->writebuf fer.off > OxFFFF) { 

conn->raodctx . log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

IDS_SSL_PACKETTOOBIG, 
conn->writebuf fer.off ) ; 

if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 
return -1; 

} 

if (obuf->data !*= NULL) { 

/* Here we shift the semantics of writebuffer; off now points 
to the beginning of the data, and len points to the end of 
the data, not the length of the buffer, which we no longer 
need to know. since we don't be depositing anything new in it */ 
obuf->len = conn->writebuf fer . of f ; 
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} else { 



conn->writebuffer.len =» conn->writebuf fer .of f ; 
conn->writebuf fer .of f ». SSL HEADLEN; 



if (conn->writebuf fer .of f SSL_HEADLEN) 

/* Wow! Some thoughtful soul in SSLFlowWrite has left us a 4 
byte offset in the writebuffer so we can insert our header 
without needing to malloc a new buffer and memcpy into it! */ 
obuf->data - conn->writebuf fer .data; 



Hfndef _WINDOWS 
#else 

#ifdef WIN32 



SSL_HEADLEN) ; 
#endif 
#endif 



else { 



obuf->data = malloc (conn->writebuf fer . len + SSL_HEADLEN) / 



obuf->data « HeapAlloc (GetProcessHeap ( ) , 0, 

conn->writebuf fer. len + 



#ifdef WIN32 
#else 
#endif 

> 



if (obuf->data == NULL) { 

conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, 

S5_LOG_ERROR, I DS_SSL_MALLOC FAILED) ; 

if(ssloppy) SSLSetSloppyMode(ctx, 0) ; 
return -1; 

} 

memcpy (obuf->data + SSL_HEADLEN, 

conn->writebuf fer. data + conn->writebuf fer . of f , 
conn->writebuffer.len - conn->writebuf fer . of f ) ; 



HeapFree (GetProcessHeap () , 0, conn->writebuf fer . data) ; 
free (conn->writebuf fer. data) ; 



obuf->len = (int) (conn->writebuf fer . len - 

conn->writebuf fer. off + SSL_HEADLEN) ; 



obuf->data[0] = S SL_HEAD VERS ION; 
obuf->data[l] =■ conn->state; 

obuf->data[2] = (uint8) ( (conn->writebuf fer . len - conn->writebuf f er . of f ) 

» 8); 

obuf->data[3] = (uint8) ( (conn->writebuf fer. len - conn->writebuffer.of f j 

& OxFF); 

conn->writebuf fer. data - NULL; 
conn->writebuffer.len = 0; 
conn->writebuffer.off = 0; 
if (GlobalUpdate) 

GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

IDS_SSL ENCODERETURNING, obuf->len, ilen) ; 
#ifdef HYPER_DEBUG ~ 
#ifndef AUTOSOCKS 

for(i = 0; i < obuf->len; i++) 

FPRINTF(stderr, _T("%02x "), obuf->data [i] ) ; 
FPRINTF(stderr, _T("\n")); 



#endif 
#endif 



} 



if(ssloppy) SSLSetSloppyMode(ctx, 0) ; 
return (int) ilen; 



*/ 



/* we must be decoding, instead of encoding. 
#ifdef HYPER_DEBUG 
if (GlobalUpdate) 

GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5__L0G_VERB0SE, 

IDS_SSL_DECODINGBYTES, ibuf->len) ; 

if (GlobalUpdate) 

GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5__LOG_VERBOSE, 

IDS_SSL_READBUFFERCOMINGIN, 
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1232 conn->readbuffer .len - conn->readbuf fer .of f ) ; 

1233 #ifndef AUTOSOCKS 

1234 for(i = 0; i < ibuf->len; 

1235 FPRINTF(stderr, _T("%02x "), ibuf->data [i] ) ; 

1236 FPRINTF(stderr, _T("\n M )); 

1237 #endif 

1238 #endif 
1239 

1240 if(ibuf->len < SSL_HEADLEN) 

1241 { 

1242 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

124 3 IDS_SSL_DECODEINCOMPLETEPACKET) ; 

1244 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1245 return -1; 

1246 } 
1247 

1248 if (ibuf->data[0] != S S L_HE AD VERS I ON ) { 

1249 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

12 50 I DS_SSL_HEAD£RVERS I ONMI SMATCH , 

1251 S S L_H E AD VERS I ON , ibuf->data [0] ) ; 

1252 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1253 return -1; 

1254 } 

1255 if (ibuf->data[l] != conn->state) { 

1256, conn->modctx . log . update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

1257 ' I DS_SSL_HEADERSTATEMI SMATCH, 

1258 conn->state, ibuf->data{l] ) ; 

1259 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1260 return -1; 

1261 } 
1262 

1263 ilen - ((uint8) ibuf->data [2J ) « 8; 

1264 ilen |= (uint8) ibuf->data [3] ; 

1265 ilen SSL_HEADLEN; /* we must include the header in the length because 

1266 no man is an ilen. Er, because it's the length 
12 of the whole record, including the header. */ 
1268 

1269 #ifdef HYPER_DEBUG 

1270 if (Global Update) 

1271 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_VERBOSE, 

1272 IDS_SSL_PACKETSIZE, ilen) / 

1273 #endif 
1274 

1275 if(ibuf->len < (int) (ilen)) { 

127 6 conn- >modc tx . log . update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

!277 IDS_SSL_DECODEINC0MPLETEPACKET) ; 

1278 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1279 return -1; 

1280 ) 
1281 

1282 #if 0 

1283 if(ibuf->len > (int) (ilen)) { 

1284 conn->modctx. log. update (sslLogHandle, S5_LOG_MISC, S5_LOG_ERROR, 

12 85 I DS_SSL_DECODE0VERFULL PACKET) / 

1286 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1287 return -1/ 

1288 ) 

1289 #endif 
1290 

1291 SSLGetReadPendingSize(ctx, swrtp) ; /* this should be zero, but seems to 

1292 not always be, so we be safe.. */ 
1293 

1294 #if 0 

1295 /* we need to choose the size of the obuf here; since SSL adds some 

1296 boundary information the size of the input should be big enough. 

1297 if SSL+ starts to support compression this assumption will have 

1298 to change. */ 

1299 len - conn->readbuf fer. len - conn->readbuf fer .of f + wrtp + ilen; 

1300 #else 

1301 /* OK, so we decided to change it. Now we know the record can't 

1302 be larger than 16K. */ 
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1303 7* len = conn->readbuf fer . len - conn->readbuf f er .of f + wrtp + 16384; */ 

1304 /* Hmm. . the above seems to cause telnet to studder, while a fixed 32k 

1305 size fixes it, so 32k it shall be... */ 

1306 len = 32767; 

1307 #endif 

1308 if (obuf->data != NULL) { 

1309 if(obuf->len < (int) len) { 

1310 if (GlobalUpdate) 

1311 GlobalUpdate(sslLogHandle,S5_LOG_MISC,S5_LOG_DEBUG, 

1312 IDS_SSL_BUFFERTOOSMALL, obuf->len, len); 

1313 obuf->len = (int) len; 

1314 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1315 return ENCODE_BUFFER TOO SMALL; 

1316 } " ~ 

1317 } else { 

1318 #ifndef _WINDOWS 

1319 obuf->data = (unsigned char *) malloc(len); 



1320 #else 

1321 #ifdef WIN32 

1322 obuf->data = HeapAlloc (GetProcessHeap ( ) , 0, len); 

1323 #endif 

1324 #endif 

1325 ) 

1326 #if 0 



1327 /* must read all the data we can. . */ 

1328 len = ilen + conn->readbuf fer .len; 

1329 #endif 
1330 

1331 if (conn->readbuf fer. data » NULL) { 

1332 /* conn->readbuf fer. data = malloc( (size_t) (len - SSL_HEADLEN) ) ; */ 

1 333 /* Try to re-use the input buffer instead of needing to create 

1334 a new one and memcpy into it. readflag lets us know we did 

1335 this so we don't try to change or free the space later */ 

1336 conn->readbuf fer. data = ibuf->data; 

1337 conn->readbuffer.len = ilen; 

1338 conn->readbuf fer. off = SSL_HEADLEN; 

1339 conn ->re ad flag = SSL_FLOW_READ_NOOWNBUF; 

1340 } else { 

1341 conn->readbuf fer. data = realloc (conn->readbuf fer . data, 

1 342 (size_t> (len - SSL_HEADLEN) ) ; 

1343 conn->readflag = 0; 

1344 if (conn->readbuf fer. data « NULL) { 

1345 conn^>modctx . log. update (ssltogHandle, S5_L0G_MISC, S5_L0G_ERR0R, 

1346 IDS_SSL_REALLOCFAILED) ; 

1347 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1348 return -1; 

1349 } 

1350 memcpy (conn->readbuf fer. data + conn->readbuf fer .len, 

1351 ibuf->data + SSL_HEADLEN, (size__t) (ilen - SSL_HEADLEN) ) ; 

1352 conn->readbuffer.len +» ilen - SSL HEADLEN; 

1353 ) 
1354 

1355 if ((err * SSLRead( (void *) obuf->data, &len, ctx)) && 

1356 (err != SSLWouldBlockErr) ) { 

1357 conn->modctx . log. update (sslLogHandle, S5_L0G_MISC, S5'_LOG_ERROR, 

1358 I DS_S S L_READERROR , err) ; 

1359 if(ssloppy) SSLSetSloppyMode (ctx, 0); 

1360 return -1; 

1361 } 

1362 obuf->len = (int) len; 



1363 #ifdef HYPER_DEBUG 

1364 if (GlobalUpdate) 



1365 GlobalUpdate (sslLogHandle, S5_L0G_MISC, S5_L0G_VERB0SE, 

1366 IDS_SSL_ENCODERETURNINGBYTES, 
1567 ilen, len) ; 

1368 if (GlobalUpdate) 

1369 GlobalUpdate (sslLogHandle, S5_L0G_MISC, S5_L0G_VERB0SE, 

1 37 0 IDS_SSL_READBUFFERGOINGOUT, 

1 37 1 conn->readbuffer.len - conn->readbuf f er . of f ) ; 

1372 #ifndef AUTQSOCKS 

1373 for(i = 0; i < len; i++) 
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1374 FPRINTF(stderr, _T("%02x "), obuf->data [i] ) ; 

1375 FPRINTF(stderr, _T("\n")); 

1376 iendif 

1377 #endif 

1378 if (conn->readflag & SSL_FLOW_READ_NOOWNBUF) 

1379 if (conn->readbuffer.off < conn->readbuf fer . len) { 

1380 BYTE *t; 
1381 

1382 if (GlobalUpdate) 

13 83 GlobalUpdate (sslLogHandle, S5_LOG_MISC, S5_LOG_WARNING, 

1384 I D S_S S L_ENC ODE L EAV I NG D AT A , 

1385 conn->readbuf fer. len - conn->readbuf fer . of f ) , 

1386 t = raalloc(conn->readbuffer.len - conn->readbuf fer . of f ) ; 

1387 memcpy(t, conn->readbuf fer .data + conn->readbuf fer . of f , 

1388 conn->readbuf fer. len - conn->readbuf fer . of f ) ; 

1389 conn->readbuf fer. data = t; 

1390 conn->readbuffer.len = conn->readbuff er . len - conn->readbuf fer . of f ; 

1391 conn->readbuf fer. off = 0/ 

1392 } else { 

1393 conn->readbuf fer. data = NULL; 

1394 conn->readbuffer.off = 0; . 

1395 conn->readbuffer.len = 0; 

1396 ) 

1397 if(ssloppy) SSLSetSloppyMode (ctx, 0) ; 

1398 return (int) ilen; 

1399 } 



